Jump to:

23471 Posts in 18941 Topics by 2878 members

General Questions

SilverStripe Forums » General Questions » securing admin and security sections with ssl

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 433 Views
  • flare
    Avatar
    Community Member
    1 Post

    securing admin and security sections with ssl Link to this post

    Hi I'm running silverstripe 2.4.5, can anyone point me to any documentation on how I get these areas protected by SSL?

    Currently in _config.php

    I have

    Director :: set_environment_type ('live');

    //force SSL
    $force_ssl = array("/admin/","/Security/");
    $current_url = $_SERVER['REQUEST_URI'];
    if (in_array($current_url,$force_ssl)) {
    Director::forceSSL();
    } elseif ( isset($_SERVER['SSL']) || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on')) {
    $destURL = str_replace('https','http', Director::absoluteURL($_SERVER['REQUEST_URI']));
    header("Location: $destURL", true, 301);
    die('<h1>Your browser is not accepting header redirects</h1><p>Please <a href="'.$destURL.'">click here</a>');
    }

    But this seems to do some of the job but gets into redirection loops and also does not protect the form the credentials are sent to.

    Thanks

  • Willr
    Avatar
    Forum Moderator
    5497 Posts

    Re: securing admin and security sections with ssl Link to this post

    You can pass the URL's you want to protect to forceSSL

    if(Director::isLive()) Director::forceSSL(array('/^admin/', '/^Security/'));

    433 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.